TRG Arts & Purple Seven
Purple Seven and TRG have engaged in a partnership. Purple Seven has expertise in automated data ingest, data management and SaaS solution whilst TRG has strong results oriented consulting as well as a SaaS solution. The intention behind the partnership is to jointly offer clients the benefit of all the solutions both companies have to offer. As Purple Seven and TRG are two separate corporate and legal entities, all dealings between the companies have been covered by contracts that have been completed by both parties.
The contract describes how each party will process data in different circumstances and how the processing of that data conforms not only to all applicable Privacy laws but also ensure that we are operating through a best practice that meets or exceeds the applicable privacy laws.
Fundamentally, both companies believe, at a corporate level, in the proper management of our client’s data. And as such we have set our own standards of data management that meets and exceeds some of the most stringent privacy laws around the world. The purpose of the contracts between Purple Seven and TRG are to ensure that the corporate governance of our client’s data is documented and driven from the highest levels within both companies.
Overview – what is the relationship?
The contracts between the two companies provide clear definitions for the following:
The Data
The definition of the Data generally considers two areas:
- Confidential information (usually ticket sales reports or raw ticketing data). This data does not contain any Personal Information (PI) but does contain information that would reasonable be considered confidential. The definition of reasonable extends to data that would not be generally known outside of the organisation.
- Personal Information (PI). This is data that is usually available within ticketing system extracts that contains information about a living person or data that could be used to identify a living person.
Data Owner
This is the entity who decides what pieces of personal data to collect and for what purposes. To all intents and purposes, our Clients are the Data Controller but sometimes there are other parties involved especially when touring organisations are involved. Understanding who has legal responsibility for the data is a critical initial definition.
Data Processor
The Data Processor is the company (either TRG or Purple Seven) who contracts with the Data Owner to perform services to the Data Owner on the Data. There will always be a contract between the Data Owner and the Data Processor (e.g. between TRG and the Client or between Purple Seven and the Client). This contract will contain a Statement of Work that defines the scope of work to be provided using the Data.
Data Sub-Processor
The Sub Processor (either TRG or Purple Seven) is the company that have been subcontract by the other to perform elements of the statement of work on behalf of the Data Processor. The Data Sub Processor shall only perform services requested of it by the Data Processor.
Examples. The table below details some of the more common example of the relationships.
| Statement of Work | Data Processor | Data Sub-Processor | |
|---|---|---|---|
|
Use of TRG’s ‘Data Center’ using the upload functionality within the Data Center solution |
TRG | NONE |
Because the client is utilising a TRG solution, there is no requirement for Purple Seven to gain access to the data. |
|
Use the Surveys solution within Purple Seven’s ‘Vital Statistics’ solution |
Purple Seven | NONE |
Because the client is utilising a Purple Seven solution, there is no requirement for TRG to gain access to the data. |
|
Consulting work from TRG with Data Collected from Purple Seven (North American client) |
TRG | Purple Seven |
The client is contracting with TRG as the main company delivering the service. TRG outsources (under contract) the data collection and processing to Purple Seven. Purple Seven’s remit is to collect the data and make it available to TRG. Purple Seven cannot use the data for any other purpose. |
|
A Purple Seven client who wants to utilise services from TRG |
Purple Seven | TRG |
The client is already a customer of Purple Seven, so will contract with Purple Seven to deliver consulting services. Purple Seven outsources the consulting work to TRG. TRG cannot use the data for any other purposes. If the client is a UK or EU based client Purple Seven will make available the data to TRG in a manner that does not contravene any of the GDPR principles including the transfer of data outside of the EU. To do this Purple Seven uses security measures and / or anonymisation to ensure compliance. |
0 Comments
Add your comment